CVE-2023-0852
high-risk
Published 2023-05-11
Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers (*), which may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code. (*) Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in the US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.
Do I need to act?
0.38% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (20)
Maxify Gx4020 Firmware
I-Sensys Lbp621Cw Firmware
I-Sensys Lbp623Cdw Firmware
I-Sensys Lbp633Cdw Firmware
I-Sensys Lbp664Cx Firmware
I-Sensys Mf641Cw Firmware
I-Sensys Mf643Cdw Firmware
I-Sensys Mf645Cx Firmware
I-Sensys Mf742Cdw Firmware
I-Sensys Mf744Cdw Firmware
I-Sensys Mf746Cx Firmware
I-Sensys X C1127I Firmware
I-Sensys X C1127If Firmware
I-Sensys X C1127P Firmware
Mf642Cdw Firmware
Mf644Cdw Firmware
Mf741Cdw Firmware
Mf743Cdw Firmware
Mf745Cdw Firmware
Lbp621C Firmware
Affected Vendors
References (8)
58 / 100 · high-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
25/34 · High